Permission Groups can be automatically assigned to users during initial provisioning / creation, and updated as needed on subsequent authentications.
Groups Mapping can be configured within the Authenticator via the following field options:
Group Value(s) Mapping
If Group Name values are provided in the assertion and match exactly the Group Name values available in IntelligenceBank, these Groups can be automatically assigned to the user. Supported assertion parameters are "groups" or "member-of".
Only Map Group Value(s) on User Creation
If Group Value(s) Mapping is enabled, you can choose for the feature to only apply when a user is initially automatically created as part of the assertion. This requires the Auto User Creation on SSO setting to be enabled under Admin > Settings.
Group Value(s) Mapping Type
This option defines the behaviour of the mapping. On Creation:
- On initial user creation, if there is a Template user in the system, the Groups from the assertion are either MERGED with the Template User Groups or REPLACE the Template User Groups.
- If there is no Template user enabled in the system, the Groups are assigned to the user in both scenarios where Merge or Append is enabled. If no values are matched, the user will not be created.
On Updates / Subsequent Assertions:
- REPLACE — Group values in the assertion replace any existing group values against the user account at the time of assertion. This does not apply if there are no Groups listed in the assertion, or if zero Group name values from the assertion can be matched — in this case the current Group values are kept (a user should not have 0 groups).
- MERGE — Group values are appended to / merged with any existing groups available for the user at the time of the assertion.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article